This post is older than 2 years and might not be relevant anymore
More Info: Consider searching for newer posts

ECDSA with nrfutil generated key

Hi all,

I am now testing with ecdsa example with nrfutil generated key. I found that the public key generated by nrf_crypto_ecc_public_key_from_raw is not the same format as the original code. The original one is 

 7052464D94B00000000000000217E617F0B6443928278F96999E69A23A4F2C152BDF6D6CDF66
E5B80282D4ED194A7DEBCB97712D2DDA3CA85AA8765A56F45FC758599652F2897C65306E5794

and the one that I use my own key is

7052464D94B0000000000000C440C5E60E842D4355FA71F68071CC552E77AEACDF68A88640F0
1A86B8D7257B5E9DACAA9E11EE92EB543A8AE369FE4E56B1B830C674BBD4B01C52C468CED568
 

When it goes to nrf_crypto_ecdsa_verify, it keep returning Error 0x8516: An internal error occurred when calling this function, after I change the public key to the original one, it resume normal with invalid signature. How can I fix this problem. Also, I found that the public key generated from nrfutil is not the same with openssl that if I use nrfutil's one on some online decoder, the public key can't verify the signature gen, while openssl one can. Thanks a lot.

Best regards,

MLai

Parents
  • Hi MLai,

    I think the discrepancy may be explained by different endianesses. openssl use big-endian while nrfutil use little endian. If you look at the bootloader implementation, you can see that we use nrf_crypto_internal_double_swap_endian() to changes the endianess prior to calling the nrf_crypto_ecc_public_key_from_raw() function.

    Best regards,

    Vidar

  • Thx for your reply, I can use the key generated from openssl now. But now I am trying to change the p1363 format of my signature to ASN1 format. I would like to know is there any way to do this in sdk 15.2. The function I am using now needs to state what is r and s, can I have any information when I generated the signature from nrf_crypto_ecdsa_sign, I look into the function and found that backend_implementation return the whole signature.

Reply
  • Thx for your reply, I can use the key generated from openssl now. But now I am trying to change the p1363 format of my signature to ASN1 format. I would like to know is there any way to do this in sdk 15.2. The function I am using now needs to state what is r and s, can I have any information when I generated the signature from nrf_crypto_ecdsa_sign, I look into the function and found that backend_implementation return the whole signature.

Children
Related